Wordfence Intelligence   >   Vulnerability Database   >   WordPress Core

Showing 201-220 of 362 WordPress Core vulnerabilities

Submit a Vulnerability
WordPress Core < 3.9.2 - Deserialization via Widgets
7.2
CVE-2014-5203
Aug 6, 2014
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
WordPress Core < 3.9.2 - Authenticated Cross-Site Scripting via Avatar URL
3.8
CVE-2014-5240
Aug 6, 2014
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
WordPress Core < 4.0.1 - Cross-Site Request Forgery to Authentication Takeover
8.8
CVE-2014-9033
Aug 6, 2014
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
WordPress Core < 3.9.2 - Cross-Site Request Forgery Protection Bypass
8.8
CVE-2014-5204
Aug 6, 2014
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
WordPress Core < 3.9.2 - Denial of Service via XML
2.7
CVE-2014-5265
Aug 6, 2014
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
WordPress Core <= 3.9.1 - XML External Entity (XXE) Weakness
5.3
CVE-2014-2053
Aug 6, 2014
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
WordPress Core < 3.8.2 - SQL Injection
7.2
CVE ID Unknown
Apr 9, 2014
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
WordPress Core < 3.8.2 - Contributor Users Can Publish Posts
4.3
CVE-2014-0165
Apr 8, 2014
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
WordPress Core < 3.8.2 - Authentication Cookie Forgery
6.5
CVE-2014-0166
Apr 8, 2014
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
WordPress Core < 2.1 - Cross-Site Request Forgery to Denial of Service
8.8
CVE-2013-7233
Dec 17, 2013
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
WordPress Core < 3.6.1 - .swf and .exe File Upload
6.4
CVE-2013-5739
Sep 11, 2013
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WordPress Core < 3.6.1 - Spoof Post Authorship
6.3
CVE-2013-4340
Sep 11, 2013
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
WordPress Core < 3.6.1 - Open Redirect
5.4
CVE-2013-4339
Sep 11, 2013
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
WordPress Core < 3.6.1 - HTML File Upload
6.4
CVE-2013-5738
Sep 11, 2013
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WordPress Core < 3.6.1 - Deserialization
8.8
CVE-2013-4338
Sep 11, 2013
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
WordPress Core < 3.5.2 - Cross-Site Scripting via Multiple Vectors
6.4
CVE-2013-2201
Jun 21, 2013
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
WordPress Core < 3.5.2 - XXE Injection
5.4
CVE-2013-2202
Jun 21, 2013
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
WordPress Core <= 3.5.1 - Content-Spoofing Attacks
4.6
CVE-2013-2204
Jun 21, 2013
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
WordPress Core <= 3.5.1 - Denial of Service via wp-postpass cookie
5.3
CVE-2013-2173
Jun 21, 2013
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
WordPress Core < 3.5.2 - Missing Authorization Checks
6.3
CVE-2013-2200
Jun 21, 2013
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Title CVE ID CVSS Vector Date
WordPress Core < 3.9.2 - Deserialization via Widgets CVE-2014-5203 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H August 6, 2014
WordPress Core < 3.9.2 - Authenticated Cross-Site Scripting via Avatar URL CVE-2014-5240 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N August 6, 2014
WordPress Core < 4.0.1 - Cross-Site Request Forgery to Authentication Takeover CVE-2014-9033 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H August 6, 2014
WordPress Core < 3.9.2 - Cross-Site Request Forgery Protection Bypass CVE-2014-5204 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H August 6, 2014
WordPress Core < 3.9.2 - Denial of Service via XML CVE-2014-5265 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L August 6, 2014
WordPress Core <= 3.9.1 - XML External Entity (XXE) Weakness CVE-2014-2053 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L August 6, 2014
WordPress Core < 3.8.2 - SQL Injection 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H April 9, 2014
WordPress Core < 3.8.2 - Contributor Users Can Publish Posts CVE-2014-0165 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N April 8, 2014
WordPress Core < 3.8.2 - Authentication Cookie Forgery CVE-2014-0166 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N April 8, 2014
WordPress Core < 2.1 - Cross-Site Request Forgery to Denial of Service CVE-2013-7233 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H December 17, 2013
WordPress Core < 3.6.1 - .swf and .exe File Upload CVE-2013-5739 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N September 11, 2013
WordPress Core < 3.6.1 - Spoof Post Authorship CVE-2013-4340 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L September 11, 2013
WordPress Core < 3.6.1 - Open Redirect CVE-2013-4339 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L September 11, 2013
WordPress Core < 3.6.1 - HTML File Upload CVE-2013-5738 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N September 11, 2013
WordPress Core < 3.6.1 - Deserialization CVE-2013-4338 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H September 11, 2013
WordPress Core < 3.5.2 - Cross-Site Scripting via Multiple Vectors CVE-2013-2201 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N June 21, 2013
WordPress Core < 3.5.2 - XXE Injection CVE-2013-2202 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N June 21, 2013
WordPress Core <= 3.5.1 - Content-Spoofing Attacks CVE-2013-2204 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N June 21, 2013
WordPress Core <= 3.5.1 - Denial of Service via wp-postpass cookie CVE-2013-2173 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L June 21, 2013
WordPress Core < 3.5.2 - Missing Authorization Checks CVE-2013-2200 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L June 21, 2013

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation